[Secure-testing-commits] r56316 - data
Guido Guenther
agx at moszumanska.debian.org
Sun Oct 1 09:59:22 UTC 2017
Author: agx
Date: 2017-10-01 09:59:22 +0000 (Sun, 01 Oct 2017)
New Revision: 56316
Modified:
data/dla-needed.txt
Log:
lts: add mupdf
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-10-01 09:59:19 UTC (rev 56315)
+++ data/dla-needed.txt 2017-10-01 09:59:22 UTC (rev 56316)
@@ -83,6 +83,10 @@
NOTE: For CVE-2017-14409, https://security-tracker.debian.org/tracker/CVE-2017-9872 might be of interest, files are very similar
NOTE: adapting/writing patches seems to be very time consuming, mp3gain is dead upstream so this might be a candidate for no-dsa -- Hugo Lefeuvre
--
+mupdf
+ NOTE: signedness checks in xps_read_zip_dir are missing (CVE-2017-14686)
+ NOTE: and xml_tag doesn't do a NULL check (CVE-2017-14687)
+--
mysql-connector-python
NOTE: 20170927: Wait for more issues (see ML: https://lists.debian.org/debian-lts/2017/08/msg00039.html) -- Hugo Lefeuvre
--
More information about the Secure-testing-commits
mailing list